package com.pagoda.nerp.trade.common.component.auth.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * 扩展Shiro的role filter
 * Created by Jungle on 2017/1/4.
 */
public class H5RoleFilter extends AccessControlFilter {

    /**
     * 通过条件
     * @param request
     * @param response
     * @param mappedValue
     * @return
     * @throws Exception
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {

        // 取到参数[2008,2009] ，强制转换判断。
        String[] arra = (String[])mappedValue;
        System.out.println("================h5shiro=====" + arra.toString());
        Subject subject = getSubject(request, response);
        for (String role : arra) {
            //判断是否有拥有当前权限，有则返回true
            if(subject.hasRole("role:" + role)){
                return true;
            }
        }
        return false;
    }

    /**
     * 不通过条件
     * @param servletRequest
     * @param servletResponse
     * @return
     * @throws Exception
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return false;
    }
}
